Requesting Explaination of Public-Key Cryptography

Hello, I'm trying to understand PK crypto and I'm just not understanding something correctly or something is just not clicking in my head. What I have thusfar is that the public key is out there, in the ether, per se, and then I want to encrypt a message. For this example, let's say that there are three people involved: Matt, Mindy, and Mike. Matt and Mindy want to confidentially talk, and Mike wants to snoop. So, Matt encrypts a message with the public key (? is this right) and sends it to Mindy. She decrypts it with her private key (? is this right). So what's stopping Mike from just decrypting it with a made up private key of his own? --- This is really frustrating me, I think that it's staring me right in the face but I've been thinking about this all day and I'm all flustered because I don't see the security in this. Do the keys need to be exchanged (diffie-hoffman?) in this case, can you sniff for other user's keys? So maybe a simple explaination of PK encryption might be helpful. You'd be doing me a huge service in helping me--I'm the kind of person who just beats his head in when I can't understand something. Thanks in advance. Sincerely, msbachman

0

Comments

Think of it this way: If Tom wants to send Susan a message and make sure its stays private, he will encrypt the message with HER public key. Susan will then use HER private key ( which only she possesses) and uses it to decrypt the message. Susan can give her public to anybody who needs to send her a message.
If nosy frank intecepts the message from Tom to Susan, he can't decrypt it, it will be gibberish to him.

It did help quite a bit. So, each person involved in a PK crypt. exchange has their own public key? : So like for people sending me a message, I would have a public key, and they'd use that to encrypt it?

In regards to the first follow up question in the paragraph I just wrote, if this is the case, then everything is clear now. THANKS!

Oh, and I'm working with TestOut Navigator 5.0 Security+. It's alright, but I am up for suggestions if you would be willing to provide any.

Correct, each party has their own public/private key pair. If you want people to encrypt something that only you can see, you give them your public key. If you're encrypting something for someone else, you use their public key.

Have you got to signing yet? If you sign something, you use your private key. Nothing is kept confidential since anyone can decrypt it with your public key. However, it verifies the authenticity of whatever was signed (email, software, etc.) because only the person with the private key could do that.

Think of it this way: If Tom wants to send Susan a message and make sure its stays private, he will encrypt the message with HER public key. Susan will then use HER private key ( which only she possesses) and uses it to decrypt the message. Susan can give her public to anybody who needs to send her a message.
If nosy frank intecepts the message from Tom to Susan, he can't decrypt it, it will be gibberish to him.

Public key= available to anybody
Private key = kept secret.

They are like a matched set. one locks, the other unlocks.

Hope that helps. What books are you reading?

Exactly, and if Tom wants to prove to Susan that it's really him sending the message, he can digitally sign the message with his private key and Susan can verify that it's him with his public key. (That's the whole "key-exchange" part, they each give a public key to the other.)